CVE-2008-5720

Name of the Vulnerable Software and Affected Versions Mayaa versions prior to 1.1.23

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.

Recommendations For versions prior to 1.1.23, update to version 1.1.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception to minimize the risk of exploitation.